At eXpress badging®, we recognize that trust and data protection are central to every identity management program.
Introduction
While the Veonics® Portal has not yet undergone formal SOC 2 or ISO 27001 certification, our platform and processes are actively aligned with these industry standards.
This article provides a high-level overview of Veonics® Portal’s security controls and maps them to the SOC 2 Trust Services Criteria (TSC) and ISO 27001 Annex A. This transparency allows our customers to understand how we safeguard sensitive information and comply with best practices.
SOC 2 Trust Services Criteria Alignment
SOC 2 defines five key principles for managing customer data. Below is how Veonics® Portal addresses each:
🔒 Security
- Role-Based Access Control (RBAC): Permissions are configurable by user role, ensuring least-privilege access.
- Secure network hosting environments with continuous monitoring.
- Data, photos, and files are securely submitted using encryption.
⚡ Availability
- Designed for reliability to support mission-critical ID badge issuance.
- Backup and disaster recovery readiness to minimize downtime.
✅ Processing Integrity
- Controlled workflows for badge record creation, editing, and printing.
- Audit logs track changes for accountability and traceability.
🛡️ Confidentiality
- Data and photo retention policies define how customer assets are securely managed and deleted.
- Confidential data is restricted to authorized administrators.
👤 Privacy
- What is PII? – Clear definitions of personally identifiable information.
- Privacy protections include encrypted submissions, access restrictions, and breach response protocols.
ISO 27001 Annex A Control Alignment
The ISO 27001 standard includes a comprehensive list of information security controls. Veonics® Portal aligns with the following:
ISO 27001 Control | Veonics® Portal Practice |
---|---|
A.5 – Information Security Policies | Security guidelines for staff, customers, and platform usage. |
A.6 – Organization of Information Security | Defined roles and responsibilities for admins and service teams. |
A.7 – Human Resource Security | Training and access safeguards reduce insider risk. |
A.8 – Asset Management | Badge data, photos, and print outputs treated as controlled digital assets. |
A.9 – Access Control | Granular permissions, authentication, and customer-managed structures. |
A.10 – Cryptography | Encrypted transmission of data and photo assets. |
A.11 – Physical & Environmental Security | Data centers and hosting environments hardened with physical and logical safeguards. |
A.12 – Operations Security | Secure coding practices, monitoring, and updates. |
A.13 – Communications Security | End-to-end encrypted submissions of PII and badge data. |
A.14 – System Acquisition, Development & Maintenance | New feature development (e.g., Read & Post RFID integration) reviewed for secure practices. |
A.15 – Supplier Relationships | Reputable infrastructure and technology vendors with compliance standards. |
A.16 – Incident Management | Cybersecurity incident and breach response process. |
A.18 – Compliance | Data retention, privacy, and legal requirements observed. |
Continuous Improvement
While Veonics® Portal is not yet formally certified under SOC 2 or ISO 27001, we are committed to continuous alignment with these standards. Our roadmap includes strengthening documented controls, expanding auditability, and supporting future certification initiatives.
Key Takeaways for Customers
- Veonics® Portal aligns with SOC 2 Trust Services Criteria and ISO 27001 Annex A controls.
- Security controls include:
  - Role-based access control (RBAC)
  - Encryption in transit
  - Data retention and deletion policies
  - Breach response protocols
- Customers can trust that their sensitive data is protected under established best practices.